I have the basic default 10.2 Slackware installed with no updates. Am I secure? I'm not really running much, that I know of, other than Firefox and Thunderbird.
If you have some type of firewall (like on a router or iptables) and you are running no web services, you are fairly secure. This keeps the script kiddies away for the most part. I have a Linksys router that does a pretty good job at dropping most scans. There are also online firewall building tools that create an iptables script for you.
But you should keep your system up to date. There are tools like swaret that will make updating easier. You could also go to one of the mirrors and download all the files in the patches directory ( ftp://slackware.mirrors.tds.net/pub/...ches/packages/ ). Then cd into the directory and issue the command upgradepkg *.tgz.
Here is a link to a Slackware hardening page ( http://www.cochiselinux.org/files/sy...dening-0.4.txt ). It is a little dated, but you can easily make it work for 10.2. I have used it and some other pages to harden my web/email server and all has gone well so far (hope I didn't jinx myself).
The time spent updating is better than the time spent reinstalling.
I've been using it and really like it. It's been very reliable, and has really performed all the necessary security fixes in accordance with Pat's changelog.
I'm new, I tried swaret and it really did me wrong. I probably did something wrong most likely.
After you install slapt-get, you just type in the console:
'slapt-get --update'
That will download the md5checksums and the changelog.
then you type:
'slapt-get --upgrade'
Now go for a pizza... because if you use Pat's server it will be a very long time.
I suggest getting one of the mirrors' URLs and editing slapt-get's config file with the mirror's URL. It's explained really clearly in the readme file or the install text file, one of the two.
Slapt-get did a nice job explaining what to do.
Also, I recommend that once you do update, you go to /var/slapt-get and just copy the downloads to a CD or something as a backup, in case someday down the road you re-install.
Update your apps. For the most part, you, as an admin, will only have to worry about application-based vulnerabilities (although you should still worry about kernel-based ones). If any kernel vulns are out there that you are concerned about, address them by evaluating changelogs at slackware.com or kernel.org and assessing whether any vulnerabilities are a concern to your network environment.
If you don't address the apps updates, sooner or later someone will gain local access to the box...I can think of a few apps that an attacker will use to gain access, Apache being one of them. Once a person gains local access and you've not updated the kernel, it may not be all that hard for him to gain root privileges by exploiting a kernel-based vuln. So, IMO, it's important that you do both, unless you're only going to allow access with something like SSH.
I know I'm going to get scolded for this by most people here, but I've been running Windows 98 without any updates whatsoever until I started getting into Linux, without having any viruses, break-ins or similar grisliness as far as I can tell. The only malfunction I've registered has been BSODs galore, which resulted in badly broken hard drives because of head crashes (for this, screw you, Microsoft). The only programs I used regularly online were: Firefox, Miranda, Winamp, mIRC and occasionally Starcraft and Quake3.
Two weeks after installing Slackware I looked a bit into security and found a gazillion lines in /var/log/messages about SSH login attempts. Luckily I had chosen a strong password for root from the start, and most of the logins were basically a run-down of some script-kiddie's dictionary (seriously, who uses 'bob' as a username?).
So now I've switched off all the 'typical' 'server' daemons (e.g. sendmail, ssh, ftp and useless junk like cups). Judging by your post you're a desktop user, so you won't be needing these anyway.
I doubt an entire system update would be needed via swaret or slapt-get, since you're only using a few programs, but you never know what you might want to try or play around with. Of course, if you know you're definitely only ever going to use Firefox & Thunderbird, an update of both and their additional software* should be enough.
* Unless of course, like me, you hate Flash, Java(Script) etc with a vengeance
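The flood of sshd lines in /var/log/messages described in the post above is a password-guessing run, and the first thing worth knowing is who is doing it and which usernames they are trying. The script below is an added example, not code from the thread: two small awk functions that summarise OpenSSH's "Failed password for ... from ADDRESS" log lines by source address and by username. The sample log is constructed (TEST-NET addresses, hostname "slack") in the format sshd writes via syslog; pass a real file as the first argument to run it on /var/log/messages (or /var/log/secure) instead.

```shell
#!/bin/sh
# Added example, not from the thread: summarise sshd password failures.
# OpenSSH logs one line per failed attempt, e.g.
#   sshd[1201]: Failed password for invalid user bob from 203.0.113.5 port 4321 ssh2
#   sshd[1205]: Failed password for root from 203.0.113.5 port 4323 ssh2
# Both functions key on the token "from", so they handle the "invalid user" /
# "illegal user" wording of different OpenSSH releases as well as plain "for root".

# Count failed password attempts per source address, busiest first.
# Usage: ssh_failures_by_source [logfile]   (default /var/log/messages)
ssh_failures_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) printf "%d %s\n", n[ip], ip }' "${1:-/var/log/messages}" | sort -rn
}

# Count which usernames were tried, so you can see the dictionary being run.
# The username is the token immediately before "from".
ssh_users_tried() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             for (i = 2; i <= NF; i++) if ($i == "from") { n[$(i - 1)]++; break }
         }
         END { for (u in n) printf "%d %s\n", n[u], u }' "${1:-/var/log/messages}" | sort -rn
}

# Constructed sample log (TEST-NET addresses, not real traffic) so the script
# runs offline. The "Accepted" and kernel lines are there to show they are ignored.
sample_log() {
    cat <<'EOF'
Oct 12 03:14:07 slack sshd[1201]: Failed password for invalid user bob from 203.0.113.5 port 4321 ssh2
Oct 12 03:14:09 slack sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 4322 ssh2
Oct 12 03:14:11 slack sshd[1205]: Failed password for root from 203.0.113.5 port 4323 ssh2
Oct 12 03:15:02 slack sshd[1210]: Failed password for root from 198.51.100.7 port 2222 ssh2
Oct 12 03:15:30 slack sshd[1212]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Oct 12 03:16:00 slack kernel: eth0: link up
EOF
}

# With an argument, analyse that file; without one, run on the embedded sample.
if [ -n "${1:-}" ]; then
    log=$1
else
    log=$(mktemp); sample_log > "$log"
fi
echo "== failed sshd logins by source =="; ssh_failures_by_source "$log"
echo "== usernames tried =="; ssh_users_tried "$log"
[ -n "${1:-}" ] || rm -f "$log"
```

On the sample this reports 203.0.113.5 with three failures and root as the most-tried name, which is the typical shape: a handful of sources walking a list of usernames with root on it. If you do need sshd reachable, the standard mitigations are PermitRootLogin no in sshd_config and key-only authentication (PasswordAuthentication no); if you don't, the thread's advice to switch the daemon off entirely is the simplest fix.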
If you are a desktop user, just spend a bit of time removing server apps and unused services: e.g. I've just one machine with Linux and I have no remote PCs, so I don't use ssh... This is the most important thing: remove unused tgz's. After all, I don't see many troubles for a common desktop user (one of the millions of users in this big world...).
Of course a security fix of your apps is always recommended...
The openssh in the install of 10.2 has a vulnerability that has probably been the cause of a machine being compromised that was reported in this forum recently.
You need to update this or disable the daemon.
Firefox and Thunderbird MUST be kept up to date.
Also beware of the Java JRE.
The openssh in the install of 10.2 has a vulnerability that has probably been the cause of a machine being compromised that was reported in this forum recently.
You need to update this or disable the daemon.
I second that. Very Much. Also, make sure you choose a secure password.
Something else you may want to do is remove shells from any utility login. On my system, only root & my user have a valid shell; everything else points to /bin/false. I'd also go through inetd.conf and your rc.d files and disable any processes you don't really need (telnet, rpcbind, samba, etc.). No need to leave anything running that you aren't actually using.
Best security though is to stick it behind a firewall appliance. Then the only thing you really need to worry about getting breached from the outside is your browser.
I'd like to add:
Besides updating packages from the security section in slackware.com ../patches/packages/*
Also, disable any (EVERY) server program you don't need.
The easy way is (also as root):
cd /etc/rc.d/
chmod -x rc.sshd
and 'nmap localhost' and close anything you see. Then do an online scan from a free port scan website or if you have another computer scan yourself.
And also install and run every now and then 'rkhunter' and 'chkrootkit' (rootkit detection scripts)
as root like:
rkhunter --update
rkhunter -c
and 'chkrootkit'
And of course pick a really long and unguessable root password and just su to it from your regular account.
And don't forget, if you use X11 and KDM, to disable remote logins (unless you need them), even for root.
you can google for that 'disable remote port 6000 x11'
and use a firewall and also a 2nd firewall built-in to most routers for your lan if you have one.
I also don't ever read my email in HTML form, or any images (that's how to get your IP even if you don't reply to the email). I turn off Java in my web browsers completely and restrict a lot of JavaScript functions. And monitor your system all the time with gkrellm, or use 'top' to see any weird jump in stuff. I use my Slackware PC as my main one and I think that with all that, short of installing an intrusion detection system to constantly sniff and compare packets, and encrypting all my files (which is kind of extreme, I think, for just a home PC), you're covered.
So, if you aren't running (m)any listening servers and keep updated and scan for rootkits and be smart and don't install suspect stuff you are pretty safe I think
Oh, I used to update clamav all the time and scan stuff I downloaded, but that was a pain and I think unnecessary; but that's one more step too if you want.
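The two posts above boil the desktop-hardening advice down to three checks: which accounts still have a real login shell, which /etc/rc.d/rc.* scripts are executable (Slackware's rc.M starts a service only if its rc.* script has the execute bit, which is why "chmod -x rc.sshd" disables sshd), and what is actually listening (the "nmap localhost" step). The script below is an added example, not code from the thread or from Slackware: a read-only audit of those three things. Each function takes an optional path so it can be run against a copy of passwd or a test rc.d directory; with no arguments it audits the live system.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only audit of the three things the
# posters recommend checking on a Slackware 10.2 desktop:
#   1. accounts that still have a login shell (only root and your own user should),
#   2. /etc/rc.d/rc.* scripts with the execute bit set, i.e. what starts at boot,
#   3. sockets currently listening, a local stand-in for "nmap localhost".

# True when a shell field means "no interactive login". Any other value is
# treated as usable, including an empty field (login then falls back to /bin/sh).
is_nologin_shell() {
    case "$1" in
        /bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "user uid=N shell=S" for every account in a passwd file whose shell
# permits login. Usage: login_shell_accounts [passwd_file]  (default /etc/passwd)
login_shell_accounts() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        is_nologin_shell "$shell" || printf '%s uid=%s shell=%s\n' "$user" "$uid" "$shell"
    done < "${1:-/etc/passwd}"
    return 0
}

# Print the rc.* scripts in an rc directory that are executable, one per line.
# Usage: executable_rc_scripts [rc_dir]  (default /etc/rc.d)
executable_rc_scripts() {
    for f in "${1:-/etc/rc.d}"/rc.*; do
        [ -f "$f" ] && [ -x "$f" ] && basename "$f"
    done
    return 0
}

# Show listening TCP and UDP sockets. Slackware 10.2 ships netstat (net-tools);
# ss is used where it exists because newer systems often drop net-tools.
listening_sockets() {
    if command -v ss >/dev/null 2>&1; then
        ss -lntu || true
    elif command -v netstat >/dev/null 2>&1; then
        netstat -lntu || true
    else
        echo "no ss or netstat here; run: nmap localhost" >&2
    fi
    return 0
}

echo "== accounts that can log in (expect only root and your own user) =="
login_shell_accounts
echo "== rc.d scripts that start at boot (chmod -x the ones you do not need) =="
executable_rc_scripts
echo "== listening sockets =="
listening_sockets
```

Anything unexpected in the first list is fixed with usermod -s /bin/false USER (or by editing /etc/passwd), anything unexpected in the second with chmod -x /etc/rc.d/rc.NAME, and the third list should shrink accordingly after the next boot. The listening-socket check is only a local view; an nmap from a second machine, as the post suggests, is still the right way to confirm what the outside world sees.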